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A Computing System Being Able to Quickly Switch between an Internal and an 
External Networks and a Method thereof 

Background of the Present Invention 
5 Field of Invention 

The invention relates to a computing system such as a computer, a Personal 
Digital Assistant, or a mobile phone, and more particularly, to the computing system 
being accessible to both an internal network and an external network and being able to 
quickly and switch therebetween without being shut down. 

1 0 Description of Related Arts 

At present, in consideration of information security, an internal network such as 
an office or a confidential Local Area Network, is usually physically separated from 
external network such as the Internet. Some home PCs having private data also need 
physical separation from the external network. The earliest predecessor solution to this 

15 problem was using two computers respectively connected to internal and external 
networks. Bringing high security however requiring two computers, it is too expensive 
and can not efficiently exchange data between the internal and the external networks. A 
later resolution was the dual-mainboard solution. Though uses a common computer 
chassis and shares one display and one keyboard, it still employs two computers 

20 essentially. It has the same problem as its ancestors. 

Latterly, dual hard disk and then single hard disk solutions came up. The first 
one means that two hard disks are used by one computer. When using the internal 
network, a computer boots up with an "internal use only" hard disk and when it needs to 
be connected to the external network, a user can boot from the other hard disk connected 
25 and used by external network only. In this situation, once the external network is started 
up, the hard disk or network connected to the internal network is physically separated, i.e. 
the internal system is absolutely not accessible or at least is not able to be effectively read 
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from or written on. Thus, a user is able to use either the internal system or the external 
system with one computer, with the physical separation of the internal and the external 
networks and consequent security of the internal data. 

Although the solution of dual hard disk securely separated the internal and 

5 external networks, it requires two hard disks, which still costs relative high. In the single 
hard disk solution, the hard disk is divided into two partitions, each having its own 
operating system used independently by the internal or external network, respectively. A 
user can choose to boot either, the internal or the external network. In this solution, when 
the computer is connected to the external network, data of the internal network is not 

10 readable and/or writable and more than one operating systems need to be started up, as 
disclosed in the patented Chinese invention ZL 94,1 1 1,461 owned by the same inventor. 
When more than one operating systems need to be started up, a good way is "twice 
startup" disclosed in Chinese patent ZL 97,116,855 of the same inventor. At the same 
time, the single hard drive solution also successfully solves the problem of system 

15 recovery when the system collapses. Additionally, in the solution, a swap area is 
established on the hard disk, which can be read from or written on when the external 
network is started up, or can be read from however without being written on when the 
internal is started up. Information is allowed to flow one-way from the external network 
to the internal, preventing any automatic disclosure of the internal data. The swap area 

20 can be arranged to be readable and writable at any time, which will sacrifice certain 
security performance. Generally, data exchanges between the internal and the external 
networks can be done flexibly and safely, keeping a secured separation is always 
desirable. 

However, for either the single hard disk solution or the dual hard disk solution, 
25 if a user wants to switch between the internal and the external systems, the computer 
must be rebooted for purpose of security. It is obviously very inconvenient for users. 
Especially in e-business, a user frequently needs to communicate and exchange 
information with other external network users via the external network. And when he 
needs a digital signature, he may hope to enter the internal network where the signature 
30 key is placed to prevent any ill-willed hacker from getting it. After the information is 
safely signed, the user needs to come back into the external system to exchange the 
information with other relevant external network users. In that way, programs and keys 
for signature are kept in the internal system to ensure their security, and can be used in e- 
commerce while security is guaranteed. 
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The most important issue in the Internet-based e-commerce is security. At client 
terminals, due to non-one-hundred-percent virus protection, ill-willed hacker invasions, 
and BOs, there exists the possibility for the information in client terminal computers to be 
illegally accessed. However, it is unaffordably serious if the information of a key used for 

5 digital signature, which is used to identify clients and sign contracts, is so accessed. It 
means the information of the key must be kept at an inaccessible place. An US patent 
numbered 99,806,523 filed on May 13, 1999 by Wave Systems Corp. disclosed a solution 
that employs a special-use computer for digital signature. But the computer, e.g. a smart 
card, either works slowly or is expensive, which makes the users have to choose 

10 encryption algorithms having relatively weaker security performance. Therefore, the best 
way is to make full use of the computer at client terminal, making it 1. be able to 
physically separate the internal and the external systems, making any internal system 
information inaccessible from any program and individual including the user he himself; 
2. when the computer is connected to internal network, the user can selectively send 

15 relevant information to the external system, and in order to ensure security, the control 
program will not be able to be changed by any virus: it should be write-protected; and, 3. 
the switching between the internal and the external systems should be conveniently and 
quickly. 

The spirit of the invention for above mentioned computer can be applied to all 
20 computing devices such as the portable computing devices. A user may access the 
external network when internet communication is needed. When digital signature is 
needed, the user can enter the internal system, and then send documents bearing digital 
signatures to the expected destinations via external network. 

A computer which is able to "simultaneously" use two operating systems will 
25 also provide convenience for computer education on multiple operating systems. 

Summary of the Present Invention 

The main object of the invention is to provide a computing system such as a 
computer, a Personal Digital Assistant, or a mobile phone, being accessible to both an 
internal network and an external network and being able to quickly switch therebetween 
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without being shut down while ensuring a physical separation between above two 
networks. 

These and other objectives, features, and advantages of the present invention 
will become apparent from the following detailed description, the accompanying 
5 drawings, and the appended claims. 
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Brief Description of the Drawings 

Fig. 1 is a schematic flow chart showing operation of the computing system according to 
the invention. 
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Detailed Description of the Preferred Embodiment 

For computing systems that are communicatively connected to both an internal 
network and an external network and that need physical separation and switching 
between the networks, a usually used conventional way is to reboot the computing 
5 system, select a hard disk corresponding to the desired network and having an 
independent operating system, and enter the operating system to work. A drawback of 
such a way is slowness which is very unsuitable for some circumstances that need quick 
switching. 

In one aspect, a computing system consisting of clock, logic execution unit, and 
10 all variable registers can be theoretically deemed as a system of status. A state of all 
current variable registers defines a status of a computing system. For example, a state 
defined by all the variable registers when a computing system only has an internal 
network connection and one corresponding operating system defines a status of such 
computing system; and another state defined by the same all registers when the same 
15 computing system only has an external network connection and one corresponding 
operating system defines another status thereof. 

So it is considered that if statuses of a computing system can be backed up and 
recovered, and can be quickly switched therebetween without being shut down while 
ensuring a physical separation, it will bring much convenience to computing system 
20 users. 

With reference to Fig. 1, operation of a computing system according to the 
invention is shown. The computing system has: 

a CPU 10 communicatively connected to a memory controller 13, a video 
memory controller 14, a hard disk controller 18, and a network adapter controller 19, 
25 each of which respectively and communicatively connected to a memory 11, a video 
memory 12, a hard disk 17, and a network unit connected either to an external network 40 
or to an internal network 50, respectively through a memory switch 31, a video memory 
switch 32, a hard drive switch 33, and a network switch 34; 
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an input unit 20 which is able to input a request of switching to the CPU 10; 

a first status thereof defined by states of all variable registers thereof when the 
computing system is only connected to the internal network 50 and runs one 
corresponding operating system; 

5 a second status thereof defined by states of the same all registers when the 

computing system is only connected to the external network 40 and runs another 
corresponding operating system; 

a switching unit 30 being communicatively connected to the CPU 10 and all 
above switches 31, 32, 33, and 34, respectively, and having a trigger 35 which is able to 
10 generate a non-maskable interrupt 351 to the CPU 10 after the switching unit 30 receives 
a command of switching from the CPU 10 responding to the request of switching; and, 

a switch program 36 which is kept in the switching unit 30, which has backups 
of both the statuses in the hard disk, the memory, or a network server, and which, after 
the CPU 10 receives the non-maskable interrupt 351, is able to backup a current status, 
15 control the switching unit 30 to control all the switches 31, 32, 33, and 34 to interrupt all 
serving programs, then load the other status other than the current status to the computing 
system, and finally control the switching unit 30 to reset the trigger 35. 

The input unit 20 may include a keyboard, a mouse, a touch screen, an E-mail, 
or other information receiver. The switches 31, 32, 33, and 34 can be either electronic 
20 switches or mechanical switches. 

A monitor 16 is communicatively connected to the video memory controller 14 
through a display controller 15 for monitoring operation of the computing system. 

After a switching, all variables in the CPU 10, the memory 11, the video 
memory 12, the hard disk 17, and all the variable registers of the computing system 
25 defining a status of the computing system are changed into the other variables defining 
the other status. Thus the memory 1 1, the video memory 12, and the hard disk 17 can be 
virtually deemed respectively as another identical memory 21, another video memory 22, , 
and another hard disk 23 specially used under either one status. 
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The switch program 36 may have an ID verification unit 37 thereof used to 
confirm a validity of the user, and making the switching unit 30 either to proceed or stop 
respectively when the identification is passed or failed. From above disclosure, it could 
be seen that the computing system is able to be a computer, a Personal Digital Assistant, 
or a mobile phone, each of which has all the features and characteristics defined by the 
aforementioned computing system. 

The invention further provide a method of safely and quickly switching between 
an internal network 50 and an external network 40 for a computing system having a CPU 
10, a first status, a second status, an input unit 20, a switching unit 30 having a trigger 35, 
and, a switch program 36, wherein the method comprises following steps: 

1) input a request of switching via the input unit 20 when the computing system 
is in one of the two statuses; 

2) after receiving the request of switching, the CPU 10 runs the switch program 

36; and, 

3) the switch program 36 backs up a current status, control the switching unit 30 
to interrupt all serving programs and loads the other status other than the current status to 
the computing system. 

Alternatively, the step 2) of above process may be: 

2.1) after receiving the request of switching, the CPU sends a command of 
switching to the switching unit; 

2.2) the switching unit sets the trigger which generates a consequent non- 
maskable interrupt back to the CPU; 

2.3) after and only after receives the non-maskable interrupt 351, the CPU 10 
runs the switch program 36. 

In above method, a further sub-step (3.1) may be added into (3) wherein before 
the switch program 36 starts backing-up the data, a further confirmation of a judging unit 
37 is required. 
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In the above disclosed invention, it could be apparent to a person of related art 
that no matter which status the computing system is currently in, the computing system is 
able to be absolutely disconnected from any network 40 or 50 either physically or with 
software whenever desired by a user. 

5 One skilled in the art will understand that the embodiment of the present 

invention as shown in the drawings and described above is exemplar only and not 
intended to be limiting. 

It will thus be seen that the objects of the present invention have been fully and 
effectively accomplished. Its embodiments have been shown and described for the 
10 purposes of illustrating the functional and structural principles of the present invention 
and is subject to change without departure from such principles. Therefore, this invention 
includes all modifications encompassed within the spirit and scope of the following 
claims. 
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